So a while ago i found out i had a Trojan horse(Ad-Aware detected it)i have quarantined and deleted it from my system, but i have some questions. Okay so as far as i understand what a Trojan horse does is makes a back door for a hacker to be able to hack my computer?I know the only way a hacker... cracker can remote access my computer is only if i'm connected to the internet, now can a hacker only access my computer through an open port or is there another way he can access my computer? Also how much of a deterrent is a dynamic IP, and also how good is Ad-Awre and AVG against Trojan horses?Oh yes one more thing yes i am using windows 7... I know, I know but before you judge, i am getting my own computer soon(I'm using the family computer right now) and i will run Ubuntu Linix on it its just that i have used Virtual Box to run Ubuntu on windows but it slowed the computer down, so in the meantime i'm stuck using windows.

A Trojan doesn't have to set up a connection and allow a hacker access, It can have just a regular payload (ex: to delete your System32 folder) just as any other virus can. But as you said, yes, many Trojans do set up an open port and wait for commands from the remote hacker. I'm not exactly sure if a Dynamic IP may save you, but I'd say that it won't. If it is the Trojan that connects to an IRC server, regardless of your IP, the Trojan will still be able to connect. But there are other means of connection, IRC isn't the only thing out there.

If you do have a dynamic ip address it could just send a ping request to your server that is setup while packet sniffing, or visit a webpage you've set up specifically for this and you would be able to get the current ip address that way.

I am going to suggest that sometimes you may not be safe even after removal of the trojan, because if your attacker was watching your efforts to remove it, they could have worked on your AV to ignore the next trojan they are going to install - letting you believe you have solved the problem so they can continue with whatever they are doing.

Might be a good idea to do a full re install if you're concerned still.

xTractatorix wrote:So what your saying is that the Trojan may not have been deleted, but if the Trojan is removed for good am i safe? In other words once the Trojan is removed for good will i still be as susceptible?

I'm not an expert on trojans but I know a little bit about how they can work. From a concept perspective, more advanced trojans will split themselves up so in the event an AV does catch it, only a small portion of code is deleted. This prevents the hacker from having root access to your machine but it still allows a keygen to operate or a automated message to the hacker informing him of losing his access to which machine with all your details. However, MOST trojans you come across aren't like that. You get hit with a trojan cocktail of things, which disables your task manager, deletes your system restore saves, opens ports, etc.

My suggestion to you is that after running your AV, download a fresh copy of it. Disconnect from the net and reinstall. This will give you fresh default settings and will ensure that if the hacker/trojan put itself on the exception list without you easily able to see it, it gets caught. In this case I say you start using Spybot Search & Destroy and make use of the TeaTimer. It alerts you when registry items are changed or something tries to install or access the internet and you can stop it. Finally run a check for registry errors. Check out this thread for some suggestions. SS&D also has a tool for this.

If you still notice strange things happening. Yes a fresh install might be a good idea.

"The quieter you become, the more you are able to hear...""Drink all the booze, hack all the things."

Yes, viruses can leave backdoors. But like already said above, they can do a number of things. They could unleash a payload just to fuck with your computer. Or they could just be part of a botnet, which is pretty likely. In that case, your computer will probably be making a connection back to him every once in a while. And it probably isn't likely that he's going to be targeting you specifically by keylogging for your Facebook password, but it is something to be aware of. If your virus scanners are updated, and all checks are clean, then you can probably start to feel a little better.